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ABSTRACT 



A method and apparatus using a location receiver for com- 
puter security is provided. Asystem includes a processor and 
a bus coupled to the processor. The system further includes 
a location receiver for receiving a current location of the 
system, and a database including at least one authorized 
location for the system. The system further includes a 
comparator for comparing the current location with the 
authorized location. The system also includes a response 
unit for responding if the current location does not corre- 
spond to the authorized location. 

28 Claims, 6 Drawing Sheets 
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GEOGRAPHIC LOCATION RECEIVER SUMMARY OF THE INVENTION 

BASED COMPUTER SYSTEM SECURITY A method and apparatus fof , location bascd 

FIELD OF THE INVENTION system is described The system includes a processor and a 

bus coupled to the processor. The system further includes a 

The present invention relates to computer security, and 5 location receiver for receiving a current location of the 

more specifically, to using a geographic location for com- system, and a database including at least one authorized 

puter security. location for the system. The system further includes a 

BACKGROUND comparator for comparing the current location with the 

_ authorized location. The system also includes a response 

Local identification systems provide a geographic loca- 1 un it for responding if the current location does not corre- 

tion for a location identification system. One known location spond to the authorized location, 
identification system is a the global positioning system. 

The Global Positioning System (GPS) is a "constellation" BRIEF DESCRIPTION OF THE DRAWINGS 

of 24 satellites that orbit the Earth and make it possible for ^ ^ m invcntion ^ fluted by way of example, 

people with ground receivers to pinpoint their geographic and J b of m the figures of me accom . 

location. The location accuracy is anywhere from 100 to 10 ^ dfawi afld {n whfch ^ refereQce numerals refer 

meters for most equipment. Accuracy can be pinpointed to * elemeat$ and ^ which . 

within one meter with special military-approved equipment ^ .„ . . c 

or by using differential GPS. Differential GPS uses a fixed no - * lUustrales a P nor scamt y s y stem for 

location receiver in addition to a GPS satellite, to detennine automobile. 

the exact location of the receiver. FIG. 2 illustrates a computer system on which the present 

GPS equipment is widely used in science and has now invention may be implemented, 

become sufficiently low-cost so that almost anyone can own FIG. 3 illustrates a block diagram of one embodiment of 

a GPS receiver. The GPS is owned and operated by the U.S. 25 the security system of the present invention. 

Department of Defense but is available for general use FIG. 4 is a flowchart illustrating one embodiment of the 

around the world. The system encompasses twenty-one GPS process of location verification. 

satellites and three spare satellites in orbit at 10,600 miles pj G 5 ^ a flowchart illustrating one embodiment of the 

above the Earth. The satellites are spaced so that from any selection of the response 

point on Earth, four satellites will be above the horizon. 30 nG 6 ^ a flowchart moating one embodiment of the 

Each sateUite contains a computer, an atomic cfock, and a proccss of adding authorizcd i ocations to the present system, 

radio. With an understanding of its own orbit and the clock, r & 

it continually broadcasts its changing position and time. On DETAILED DESCRIPTION 
the-ground, any GPS receiver contains a computer that 

"triangulates" its own position by getting bearings from 35 A method aod apparatus for a computer security system is 

three of the four satellites. " " described. 

The result is provided in the form of a geographic FIG. 2 is a block diagram of the computer system 200 in 

position—longitude and latitude. If the receiver is also which embodiment of the present invention can be 

equipped with a display screen that shows a map, the implemented Computer system 200 comprises a bus 201 or 

position can be shown on the map. If a fourth satellite can 40 other communication means for communicating 

be received, the receiver/computer can figure out the altitude information, and a processor 202 coupled with bus 201 for 

as well as the geographic position. If the receiver is moving, processing information. Computer system 200 also com- 

the receiver may also be able to calculate its speed and prises a read only memory (ROM) and/or other static storage 

direction of travel and provide an estimated time of arrival device 206 coupled to bus 201 for storing static information 

to a specified destinatioa 4S and instructions for processor 202. 

GPS receivers are becoming consumer products. In addi- ^ computer system 200 further comprises a main 

tion to their outdoor use (hiking, cross-country skiing, memory 203, a dynamic storage device for storing informa- 

ballooning, flying, and sailing), one prior art use of GPS &on and instructions to be executed. Main memory 203 also 

receivers is in cars to relate the driver's location with traffic may be used for storing temporary variables or other inter- 

and weather information 50 mediate information during execution of instructions. In one 

FIG. 1 illustrates a prior art security system for vehicles. embodiment the main memory 203 is dynamic random 

A GPS system 120 aod a cellular telephone 130 are in the access memory (DRAM). 

vehicle U0. When a vehicle 110 including the GPS system Computer system 200 can also be coupled via I/O bus 230 

120 and cellular telephone 130 is stolen, the user notifies a to a display device 205, such as a cathode ray tube (CRT) or 

monitoring station which includes a monitoring system 150. 55 liquid crystal display (LCD) screen, for displaying informa- 

The monitoring system 150 includes an alert system 160, an tion to a computer user. An input device 206 is typically 

information receiving unit 170 for receiving GPS informa- coupled to I/O bus 230 for communicating information and 

tion transmitted by the vehicle 110, and a tracking mccha- command selections to processor 202. Another type of user 

nism 180 that includes a GPS receiver. When the user alerts input device 206 is cursor control device 206, such as a 

the monitoring system 150, the information receiving unit 60 mouse, a trackball, trackpad, or cursor direction keys for 

170 the dials into the cellular telephone 130 in the stolen communicating direction information and command selec- 

vehicle 110. The GPS system 120 on the stolen vehicle 110 lions to processor 202 and for controlling cursor movement 

transmits details of the vehicle's 110 location via the cellular on display device 205. Alternatively, other input devices 206 

telephone 130. These longitude and latitude details are such as a stylus or pen can be used to interact with the 

displayed on the tracking mechanism 180 of the monitoring 65 display. 

system 150. this permits the monitoring system 150 to direct The computer system 200 may further be coupled via the 

the police to recover the vehicle. I/O bus 230 to a network device 210 for communicating with 
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other computers. The network device 210 may be a modem, starts. At block 415, the process tests whether timer 335 has 

a network card, or other device to communicate between the expired. The timer may have expired because a certain 

computer system 200 and other systems or networks. period of time has expired or another event occurred. If the 

The computer system 200 further includes a security timer is not expired, the process loops back to block 415, to 

system 220 for determining the geographic location of the 5 query again. For one embodiment, this system is an interrupt 

computer system 200. For one embodiment, the security driven system. The process does not continuously query the 

system 220 is coupled to the computer system 200 via the timer, rather when the timer expires, the timer sends an 

main bus 201. For another embodiment, the security system interrupt to the processor to initiate the process illustrated in 

220 is coupled to the computer system 200 via the I/O bus FIG. 4. For one embodiment, the entire process runs in the 

230 or the PCI bus. Alternatively, the security system 220 10 background, without alerting the user. If, at block 415, the 

may be included in the processor 202. timer has expired, the process continues to block 420. 

FIG. 3 illustrates a block diagram of one embodiment of At block 420, the system tests that the location receiver is 

the security system of the present invention. The security present in the system. At block 425, the system queries 

system 310 includes a location receiver 320. For one whether the location receiver was found in the system. If the 

embodiment, the location receiver is a global positioning 15 location receiver was found, the process continues to block 

system (GPS) receiver 320. For another embodiment, the 445. 

location receiver may be based on cellular telephone cell At block 445, the location receiver is queried for the 

locations. Alternative systems that determine a current loca- current location of the computer system. For one 

tion may also be used. embodiment, the location receiver is a GPS receiver, and the 

The security system 310 further includes a database 360. 20 GPS receiver determines a current latitude and longitude, 

The database 360 stores authorized locations for the system. and possibly altitude. 

For one embodiment, the database 360 includes a user At block 450, the current location, as determined by the 

interface 365 that permits a user to modify the list of location receiver, is compared with location information in 

authorized locations. Furthermore, the database 360 the database. At block 455, the process tests whether the 

includes a database security unit 370 that restricts access to current location corresponds to an "authorized location" 

modifying the database 360, as will be described below. For within the database. As will be discussed below, the loca- 

one embodiment, the database 360 is located on a flash tk>ns within the database identify those areas to which the 

memory device, and the user interface 365 is a flash memory computer system may be moved. 

user interface 365. 3Q if at b i oc fc 455 ft ^ determined that the current location 

A testing unit 330 initiates location receiver 320 to test the is in the database, the process returns to block 415, waiting 

current location. The testing unit 330 is initialized by a timer f or timer to expired. 

335. The timer 335 may include multiple functions. For one If> however> at block 455, it ^ determined that the current 

embodiment, the timer 335 simply tests the time expired \ ocat i on & not in the database, the process continues to block 

since the location was last determined. For an alternative 35 4^ 

embodiment, me timer 335 tests whether the computer has .* , A , n , . . . , - 

been off sini the last time the location was tested For yet . " * lodk ™> for ° ne <«*>*™!*> a 18 

another embodiment, the timer 335 tests whether the com- J"*"*?* ^ ^computer is outside of toe area or winch 

puter has been in the standby state since the last time the itsusercaumonzed^orana^ 

location was tested. Alternatively, a combination of the „ dialogs displayed. The process then continues to block 435. 

above testing conditions, or other conditions, may be used to At block 435, the response mechanism is activated. The 

indicate that a new test is appropriate. response mechanism responds to the computer system being 

Acomparator340isfurtherincluded.Thecomparator340 outside of authorized locations. The specific responses 

receives the current location information from the location ma y ** any of a aD & oE "spouses, including .turning off the 

receiver 320, and compares the current location to a list of 4S computer, deleting files, etc. The responses will be described 

authorized locations in the database 360. The comparator m more detaJ ^low. After the response mechanism is 

transmits a yes/no response, indicating whether or not the activated at block 435, the process returns to block 415, 

current location is an authorized location to the response unit wamn 8 for ^ tomcr to e *P uc - 

350 At block 425, the system determined whether the location 

The response unit 350 responds to an affirmative answer 50 receiver was present in the system. If no receiver is found, 

by resetting the timer 335. The response unit 350 responds ™e process continues to block 430. At block 430, the user is 

to a negative answer by one of a variety of possible informed of the absence of the receiver, for one embodi- 

responses. These responses are described in more detail with ment - For an alternative embodiment, no such notification is 

respect to FIG 5 below provided. The process then continues to block 435, where 

The security system of the present invention is different 55 ^ res P onsc m«*anism is activated. From there, the pro- 

from prior art security systems in that it is self-contained. C6SS returns to block 415, to wait for the timer to expire 

The database included in the security system and the loca- again. 

tion receiver 320 together act as a complete system. Prior art FIG. 5 is a flowchart illustrating one embodiment of the 

systems generally require outside participation. The auto- selection of the response. This flowchart is initiated when 

mobile security system described above requires a user to 60 mc response mechanism is activated, in block 435 of FIG. 4. 

alert a monitoring station, which then can receive location Returning to FIG. 5, the process starts at block 510. 

data from the vehicle. The vehicle itself does not respond to At block 515, the system tests whether the user has 

the theft. Additionally, the prior art response is merely selected a response mechanism. The user may select one of 

permitting monitoring of the location of the vehicle, rather a set of responses to the failure of the location testing. This 

than an affirmative response, as in the present system. 65 selection mechanism is protected via known security tech- 

FIG. 4 is a flowchart illustrating one embodiment of the niques. For one embodiment, the user has to enter a 

process of location verification. At block 410 the process password, in order to select a response. For one 
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embodiment, after a set number of attempts, the preset or as broad as all of the United States. For one embodiment, 

mechanism is locked, preventing a thief from breaking into the location is defined by a latitude and longitude informa- 

the preset mechanism. Alternative protection for the selec- tion. At block 610, the process starts, 
tion mechanism may be used. For an alternative At block 620, security is queried for the database. Adding 

embodiment, the preset response may not be modified by the 5 authorized locations to the database is restricted. Otherwise, 

user. If the user did not select a response, the system a thief could simply access the database and add the whole 

proceeds to block 525. At block 525, the response is set to world as authorized area. For one embodiment, the security 

a default response. If the user selected a response, the system is a password. For one embodiment, the security is 

proceeds to block 520. At block 520, the response is set to encrypted by a public key of the user, requiring the user's 

the user's selected response. The chart then illustrates some 10 private key to decrypt. For one embodiment, the security 

of the possible routes. The system may implement any or all includes a hardware device, such as a flash memory device, 

of the responses illustrated. making it harder to break. Other means of ensuring that only 

At block 530, the system is turned off. The system may those authorized to alter the database are permitted to access 

turn off and set the timer such that next time the system is it may be used. For one embodiment, the security check 

turned on, it tests the location prior to doing anything else. *5 includes testing whether the computer is in an authorized 

For one embodiment, only part of the system is turned off, location at the time of access. If the computer is not in an 

sucb as the input devices. authorized location, the security check fails. 

At block 535, the system is locked. Locking the system At block 630, the system tests whether the security check 
prevents access to the system, without turning off the is correct. That is, the system tests whether the user attempt- 
system. This may be useful, for example, if the system were 20 ing to access the database is authorized to do so. If the 
simultaneously sounding an alert, for which the system security check fails, the system returns to block 620. If the 
needs to be turned on. For one embodiment, the system is security check is correct, the system continues to block 640. 
automatically unlocked when the computer is returned to the At block 640, for one embodiment a map is displayed. For 
designated area. For an another embodiment, the system can one embodiment, this map is of the United States. For 
only be unlocked by using a special unlocking device such 25 another embodiment, this is a map of the world. For a third 
as a key, card, password, or similar system. For one embodiment, the user can select the map area to be displayed 
embodiment, the user does not own this special unlocking from a menu or via user entry. 

device. Rather, for example, the system administrator may M D i oc k 650, for one embodiment the user is prompted to 

hold the unlocking device. ^ select an area of the map. This step may be repeated until the 

At block 540, the user is warned that the system is not in map is of sufficient detail to permit the user to select the 

an authorized location. This may include an audio as well as actual location or locations for authorization, 
a visual warning. For one embodiment, the "authorized At block 660, the user is prompted to identify actual valid 

location" is indicated to the user. Thus, for example, the area For one embodiment, this is done by marking an area 

warning may read "This computer system is only authorized ^ within the displayed map. For an alternative embodiment, 

to be used within location X." me steps illustrated in blocks 640 and 650 may be left out, 

At block 545, an alert is sounded. Two types of alerts may leading the user directly to block 660. In one embodiment, 

be sounded. One may be an audible alert similar to a car after block 630, the user can directly enter latitude and 

alarm, indicating to surrounding persons that the system was longitude information. For yet another embodiment, the user 

stolen. In addition, or alternatively, a silent alarm may be ^ may add names of designated areas, such as cities, counties, 

transmitted to a predetermined site. For one embodiment, countries, etc. Alternative methods of adding information 

the system may include a cellular telephone or a similar about a geographic location may be used, 
means of communicating with the outside world. In that At block 670, the map information is translated into the 

instance, a telephone alert number may be included within appropriate information for the location receiver. For one 

the system to alert the user, the owner of the system, the 4S embodiment, the location receiver is a GPS system, and the 

police, the manufacturer, or another number that the system appropriate format is latitude and longitude information. For 

has been taken outside the authorized area. For an alternative another embodiment, a different system may be used. For 

embodiment, if wireless modem is included in the system, one embodiment this step may be skipped, and the infor- 

the alert may be via e-mail, or other means. mation about the current location may be translated during 

At block 550, the system deletes sensitive files marked for 50 the testing process illustrated in FIG. 4. 
deletion in the event the system is removed from the At block 680, the information is stored in the database, 

authorized area. For one embodiment, the system on which The system then returns to block 610, the starting position, 

this security system is implemented may include highly The user may continue adding locations, or in the 

sensitive files. These sensitive files may be marked for alternative, end the location addition. For one embodiment, 

automatic deletion if the system is taken out of the desig- 55 th c location addition mechanism is automatically terminated 

nated geographic area. For one embodiment, the deletion after a certain number of idle minutes, 
permits recovery, once the system is returned to the appro- security system 310 may be implemented in a wide 

priate location. For another embodiment, such a deletion is variety of systems. For example, the security system 310 

permanent. mav De included in a portable computer. For another 

Any one or combination of the responses listed in blocks 60 embodiment the system 310 may be included in systems that 

530-550 may be implemented in the present system. Alter- have an authorized area of use, such as rental cars/vans. For 

native mechanisms may be used to protect the system from example, some rental car companies prohibit removing the 

removal from a designated geographic location. vehicle from the state or country. This could be monitored 

FIG. 6 is a flowchart illustrating one embodiment of the using the security system. Other transportable goods which 

process of adding authorized locations to the present system. 65 may have an authorized set of locations, for example freight 

The system includes a database of authorized locations. being transported, may also include the security system 310. 

These locations may be as narrow as a particular building, This may prevent theft of such goods. For one embodiment, 
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the security system 310 may be implemented on the primary 
chip or motherboard. 

For yet another embodiment, the security system 310 may 
be included in expensive stereos, video camcorders, high 
end audio equipment, military systems, defense/military 5 
items, kiosks, multimedia systems, mainframes, PBX 
systems, server systems, routers & hubs, super computers, 
etc. The security system 310 may further be included in any 
organizer that includes sensitive information. Additionally, 
the system 310 may be incorporated into sensitive 1Q 
equipment — f.e. systems under development Other uses for 
the security system may be found as well. 

In the foregoing specification, the invention has been 
described with reference to specific exemplary embodiments 
thereof. It will, however, be evident that various modifica- 
tions and changes may be made thereto without departing 
from the broader spirit and scope of the invention as set forth 
in the appended claims. The specification and drawings are, 
accordingly, to be regarded in an illustrative rather than a 
restrictive sense. 

What is claimed is: 20 

1. A system coupled to a device, the system comprising: 
a location receiver to receive a current location of the 

system; 

a memory to include at least one authorized location for 
the system; 25 

a comparator to compare the current location with the 
authorized location; and 

a response unit to be programmed by a user of the system 
with one or more responses, the response unit to 
perform substantially automatically at least one of the 30 
responses if the current location does not correspond to 
the authorized location. 

2. The system of claim 1, wherein the programmed 
response comprises disabling the device to which the system 

is coupled if the current location does not correspond to the 35 
authorized location. 

3. The system of claim 1, wherein the programmed 
response comprises sending a warning to a user. 

4. The system of claim 1, wherein the programmed 
response comprises alerting authorities if the current loca- ^ 
tion does not correspond to the authorized location. 

5. The system of claim 1, wherein the programmed 
response comprises deleting files from the system to prevent 
access to the files. 

6. The system of claim 1, wherein the programmed 
response comprises, for a device which is a computer 45 
system, locking the computer system until the current loca- 
tion corresponds to the authorized location. 

7. The system of claim 1, further comprising a timer to 
trigger a comparison by the comparator of the current 
location and the authorized location on a periodic basis. 50 

8. The system of claim 1, wherein the location receiver 
comprises a global positioning system (GPS) receiver. 

9. The system of claim 1, further comprising: a user 
interface to add and delete authorized locations in the 
memory. 55 

10. The system of claim 9, wherein access to the user 
interface is protected by a security mechanism. 

11. The system of claim 10, wherein the security mecha- 
nism is a password system. 

12. The system of claim 9, wherein the memory is a flash 60 
memory card, and wherein the user interface is a flash 
memory user interface. 

13. The system of claim 9, wherein the user interface 
further comprises: 

a map display mechanism to display a map; and 65 
a selection mechanism to select an area within the map as 
an authorized location. 



14. The system of claim 13, further comprising a trans- 
lation mechanism to translate the area to geographic coor- 
dinates for the location receiver. 

15. The system of claim 1, further comprising a default 
response. 

16. The system of claim 1, wherein the device comprises 
a computer system, and a processor of the computer system 
is used as the comparator. 

17. A method of security for an item including a 
processor, a memory, and a security mechanism, the method 
comprising: 

allowing a user to program at least one response into the 
security mechanism; 

periodically receiving current location information corre- 
sponding to a current geographic coordinates of the 
item from a location receiving unit; 

comparing the current location of the item with one or 
more authorized locations in the memory; and 

performing substantially automatically at least one of the 
responses if the current location of the item does not 
correspond to one of the one or more authorized 
locations. 

18. The method of claim 17, wherein the programmed 
response comprises one of the following: disabling the item, 
sending a warning to a user, alerting authorities, files, and 
locking the item. 

19. The method of claim 18, further comprising the step 
of preventing the item from being enabled until the current 
location corresponds to an authorized location. 

20. The method of claim 17, wherein said authorized 
location may be a plurality of authorized locations, and 
comparing the current location comprises comparing each of 
the plurality of authorized locations with the current loca- 
tion. 

21. The method of claim 17, further comprising: 
receiving a request to change the database of authorized 

locations; 

verifying an authorization to change the database of 

authorized locations; and 
if an authorization is received, enabling a user to add and 

delete the authorized locations. 

22. The method of claim 21, wherein enabling a user to 
add additional authorized locations comprises: 

displaying a map; 

prompting the user to select a new authorized location on 
the map. 

23. The method of claim 22, further comprising translat- 
ing the new authorized location into a set of location 
coordinates. 

24. The method of claim 22, wherein displaying a map 
comprises displaying a plurality of increasingly detailed 
maps based on the user's selections. 

25. A computer system including a security mechanism 
for the computer system, the computer system comprising: 

a processor; 
a bus; 

a memory coupled to the processor and the bus; and 
a security mechanism comprising: 

the memory to include at least one authorized location 

for the system; 
a location receiver to receive a current location of the 
system; 

the processor to compare the current location with the 
authorized location; and 
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a response unit to be programmed by a user of the 
computer system with one or more responses, the 
response unit to perform substantially automatically 
at least one of the responses if the current location 
does not correspond to the authorized location. 

26. The system of claim 25, wherein the response unit is 
further to disable the processor if the current location does 
not correspond to the authorized location. 

27. The system of claim 25, wherein the response com- 
prises one of the following: disabling the computer system, 
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sending a warning to a user, alerting authorities, deleting 
files from the computer system, limiting access to the 
computer system, and locking the computer system until the 
current location corresponds to the authorized location. 
5 28, The system of claim 27, wherein alerting authorities 
comprises sending an electronic message to a designated 
authority, when the computer system is coupled to a net- 
work. 

***** 
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